10 minute read

Tokenization

Tokenization Basics

Payment Tokens are surrogate values that replace Primary Account Numbers (PANs, or card numbers) throughout the payments ecosystem. The use of tokens protects the PAN from compromise, helping to minimize unauthorized use of cardholder account data and helping to reduce cross-channel fraudin emerging transaction environments which combine elements of mobile devices, eCommerce, and point-of-sale environments.

Provisioning tokens on mobile devices is foundational to enabling those devices to participate in payment programs such as Apple Pay™, Google Pay™, and Samsung Pay™, where devices can beused for eCommerce (using the payment information on the device or cloud for in-app or webbased purchases) and mCommerce (using payment information stored on the device or cloud for near-field communication (NFC)-based transactions to pay at the physical point of sale).

Payment Account Solutions is fully integrated with Visa's Visa Token Service (VTS). With VTS, not only are PANs updated in the token vault whenever a reissued, replaced, or upgraded card is activated, thereby creating a seamless digital cardholder experience, but the following services and functions are also kept up-to-date:

  • Token provisioning
  • Token generation and issuance
  • Application of security and controls using Visa Risk Manager
  • Establishing and managing the PAN-to-token mapping
  • Tokenized transaction processing
  • Ongoing management of token lifecycle events
  • VRU and Call Center support
  • Reporting on token provisioning activity
  • Visa Account Updater updates

Token-related completions and errors are logged in our administrative application’s historical notes, and Life Cycle Token tool users are also notified whenever a token request fails so that the token update request can be researched and reconciled.

 

Visa In-App Provisioning

Cardholder participation in digital wallets require manual entry of their card credentials into the digital wallet app during the enrollment process. Use the Visa In-App Provisioning SDK to enable your app to automatically push the cardholder's card credentials from your app to a digital wallet during provisioning. The SDK is hosted on VDC.

Provisioning Confirmation Notification

Apple Pay® and Visa Digital Enablement Program Agreement (VDEP) require that issuers participating with digital wallets, not Card on File programs, send a "provisioning confirmation notification" that informs cardholders that their card has been loaded to a digital wallet. This notification is required, takes place outside the wallet provisioning process, and is direct to the cardholder. The confirmation notification can be sent via email and text.

OTP and Yellow Path

When additional verification of a cardholder's identity is required (also called “yellow path”) to provision a card into a digital wallet, cardholders can either contact your call center to validate their identity, or they can select to receive a One-Time Passcode (OTP). OTP is an authentication method that verifies the identity of the cardholder by sending a passcode to the cardholder via email or text, which the cardholder enters into the digital wallet app, thereby authenticating the cardholder.